【Question title】: PHP is not inserting all records into MySQL Database
【Posted】: 2015-09-10 12:10:42
【Question description】:

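I have been working on a system that takes in emails for my Gmail account, then takes certain emails (those that match the right criteria) and uploads them to a MySQL database.
The problem is that not all of the records are being inserted. I have echoed out the details that are going to be inserted into the database, and I have set more than enough space for each column in the database.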

The code is as follows:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>Mailbox</title>
</head> 
<body>

    <?php       
        //connects to gmail
        $mail_server = 'imap.gmail.com' ;
        $mail_port = 993 ;
        $mail_username = 'username' ;
        $mail_password = 'password' ;
        $mail_folder = 'Inbox';
        $mail_certificate = '/imap/ssl/novalidate-cert';

        echo '<h1>'.$mail_username.' on '.$mail_server.'</h1>' ;
        $mbox = imap_open('{'.$mail_server.':'.$mail_port.$mail_certificate.'}'.$mail_folder, $mail_username, $mail_password) or die('Error opening mailbox: <br /> '.imap_last_error());

        $mailboxheaders = imap_headers($mbox);
        if ($mailboxheaders == false) {
            echo '<p>'.$mail_folder." is empty.</p>\n\n";
        } else {
            echo '<h2>'.$mail_folder.'</h2>' ;
            $msgno = 0;

            foreach ($mailboxheaders as $val) {
                $msgno++;
                //Getting messages from .....
                $pos = strpos($val,'certain_email');
                if($pos === false){
                    //No result
                }else{
                    $msgType = checkMsgType($mbox, $msgno);
                    if($msgType === "RS-StaffJourno"){
                        staffJournoMsg($mbox, $msgno);
                    }else if($msgType === "RS-Freelancer"){
                        freeLancerMsg($mbox, $msgno);
                    }else if($msgType === "RS-PRSender"){
                        prSenderMsg($mbox, $msgno);
                    }else if($msgType === "RS-Promotions"){
                        promotionsMsg($mbox, $msgno);
                    }else if($msgType === "RS-Broadcaster"){
                        broadcasterMsg($mbox, $msgno);
                    }else if($msgType === "RS-Blogger"){
                        bloggerMsg($mbox, $msgno);
                    }else{
                        echo "Unknown Type of RS Message,Please Add $msgType";
                    }
                }
            }
        }


        function dbInsert($query){
            //Connects to db
            $host = 'localhost';
            $username = 'dbUsername';
            $password = 'dbPassword';
            $database = 'dbName';

            //Connects to table
            mysql_connect($host, $username, $password) or die('Cannot connect to php myadmin :<br> '.mysql_error());
            mysql_select_db($database) or die('Cannot select table :<br>'.mysql_error());

        //  echo $query; //To check what is being input (Testing reasons)
            mysql_query($query);
            mysql_close();
        }

        function staffJournoMsg($mbox, $msgno){
            $type = "Journo";       
            setVars($mbox, $msgno, $type);
        }

        function bloggerMsg($mbox, $msgno){
            $type = "Blogger";
            setVars($mbox, $msgno, $type);
        }

        function freeLancerMsg($mbox, $msgno){
            $type = "Freelance";
            setVars($mbox, $msgno, $type);
        }

        function prSenderMsg($mbox, $msgno){
            $type = "PRSender";
            setVars($mbox, $msgno, $type);
        }

        function promotionsMsg($mbox, $msgno){
            $type = "Promotions";
            setVars($mbox, $msgno, $type);
        }   

        function broadcasterMsg($mbox, $msgno){
            $type = "Broadcaster";
            setVars($mbox, $msgno, $type);
        }

        function setVars($mbox, $msgno, $type){
            //Getting the variables values
            $mediaOutlet = getMediaOutlet($mbox, $msgno);   
            $subject = getSubject($mbox, $msgno);
            $journalist = getStaffJournalist($mbox, $msgno, $type);     
            $mediaType = getMediaType($mbox, $msgno);       
            $deadline = getDeadline($mbox, $msgno);     
            $mainContent = getQuery($mbox, $msgno);     
            $replyInfo = getReplyDetails($mbox, $msgno);
            $categories = getSuitableCategories($mbox, $msgno, $type);
            $emaildate = getEmailDate($mbox, $msgno);
            $website = getWebsite($mbox, $msgno, $type);

            echo "$mediaOutlet<br>$emaildate<br>$deadline<br>$subject<br>$website<br>$journalist<br>$mediaType<br>$mainContent<br>$replyInfo<br>$categories<br><br>";

            $query = "INSERT INTO Email VALUES(null, '$mediaOutlet', '$emaildate', '$deadline', '$subject', '$website', '$journalist', '$mediaType', '$mainContent', '$replyInfo', '$categories');";
            dbInsert($query);
        }

        function checkMsgType($mbox, $msgno){
            $header = imap_fetchheader($mbox, $msgno);
            $subject = explode("Subject:", $header);
            $subject = explode("From:", $subject[1]);
            $subject = explode("[", $subject[0]);
            $subject = explode("]", $subject[1]);

            return $subject[0];
        }

        function getMediaOutlet($mbox, $msgno){
            $allBody = imap_body($mbox, $msgno);
            $mediaOutlet = explode("Media outlet: ", $allBody);
            $mediaOutlet = explode("(", $mediaOutlet[1]);
            return $mediaOutlet[0];
        }

        function getWebsite($mbox, $msgno, $type){
            $allBody = imap_body($mbox, $msgno);

            //Setting the ones without websites to null
            if($type === "Broadcaster" || $type === "PRSender"){    
                $mediaWebsite = "No Website";
                return $mediaWebsite;
            }else{
                $mediaWebsite = explode("Media outlet website:", $allBody);
                if($type === "Journo")
                    $mediaWebsite = explode("Staff", $mediaWebsite[1]);
                else if ($type === "Freelance")
                    $mediaWebsite = explode("Freelance", $mediaWebsite[1]);
                else if($type === "Promotions")
                    $mediaWebsite = explode("Editorial", $mediaWebsite[1]);
                else if($type === "Blogger")
                    $mediaWebsite = explode("Independent", $mediaWebsite[1]);

                return $mediaWebsite[0];
            }
        }

        function getStaffJournalist($mbox, $msgno, $type){
            $allBody = imap_body($mbox, $msgno);
            if($type === "Freelance"){
                $journalist = explode("journalist:", $allBody);
                $journalist = explode("Journalist", $journalist[1]);
            }else{
                if($type === "Journo")
                    $journalist = explode("journalist:", $allBody);
                else if($type === "PRSender")
                    $journalist = explode("ResponseSource:", $allBody);
                else if($type === "Promotions")
                    $journalist = explode("promotions:", $allBody);
                else if($type === "Broadcaster")
                    $journalist = explode("producer:", $allBody);
                else if($type === "Blogger")
                    $journalist = explode("blogger:", $allBody);

                //All of these have Media after them
                $journalist = explode("Media", $journalist[1]);
            }

            return $journalist[0];
        }

        function getMediaType($mbox, $msgno){
            $allBody = imap_body($mbox, $msgno);
            $mediaType = explode("type: ", $allBody);
            $mediaType = explode("Deadline", $mediaType[1]);

            return $mediaType[0];
        }

        function getDeadline($mbox, $msgno){
            $allBody = imap_body($mbox, $msgno);
            $deadline = explode("leads: ", $allBody);
            $deadline = explode("Enquiry", $deadline[1]);
            return $deadline[0];
        }

        function getQuery($mbox, $msgno){
            $allBody = imap_body($mbox, $msgno);
            $content = explode("Query", $allBody);
            $content = explode("How To Reply", $content[1]);
            return $content[0];
        }

        function getReplyDetails($mbox, $msgno){
            $allBody = imap_body($mbox, $msgno);
            $reply = explode("How To Reply", $allBody);
            $reply = explode("Media", $reply[1]);
            return $reply[0];
        }

        function getSuitableCategories($mbox, $msgno, $type){
            $allBody = imap_body($mbox, $msgno);
            $categories = explode("This enquiry is relevant to the following categories:", $allBody);
            $categories = explode("These", $categories[1]);
            return $categories[0];
        }

        function getEmailDate($mbox, $msgno){
            $header = imap_fetchheader($mbox, $msgno);
            $getdate = explode("HTTP; ", $header);
            $getdate = explode(" ", $getdate[1]);
            $emaildate = "$getdate[1]-$getdate[2]-$getdate[3]";
            return $emaildate;
        }

        function getSubject($mbox, $msgno){
            $header = imap_fetchheader($mbox, $msgno);
            $subject = explode("Subject:", $header);
            $subject = explode("From: ", $subject[1]);
            return $subject[0];
        }

    ?>
    </body>
    </html>

Just to note, for Blogger, Broadcaster and StaffJourno it will upload to the database, but not for the rest.

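【Comments on the question】:

  • First, reduce your code to the minimum amount that still shows the problem.
  • Have you managed to avoid SQL injection, through PDO or some other means?

Tags: php mysql database imap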


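【Solution 1】:

You have found one of the problems with the code: quote characters breaking the SQL. While stripping the quotes here will help you a little, this is still a potential opening for a https://en.wikipedia.org/wiki/SQL_injection attack. Bad news indeed!

The full solution would involve using prepared statements. More information on one way of doing prepared statements with PHP can be found on their site: http://php.net/manual/en/pdo.prepared-statements.php. There are several options, depending on your MySQL interface of choice. PDO does seem to be the most popular flavor at the moment.

Depending on what you plan to do with the data, there may be some other aspects that need addressing as well. Could you elaborate on the intended use case and how the data will be displayed? I can help with that too.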
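
The prepared-statement approach this answer recommends, as an added example that is not part of the original answer or the poster's code: the same constructed rows go through an interpolated INSERT and then through a bound-parameter INSERT. The in-memory SQLite DSN, the reduced three-column table and the sample rows are assumptions made so the script runs offline; for MySQL only the DSN changes.

```php
<?php
// Added example. sqlite::memory: stands in for the MySQL server so this runs offline.
// For MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=dbName;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Reduced, hypothetical version of the Email table (the real one has eleven columns).
$pdo->exec('CREATE TABLE Email (
    id INTEGER PRIMARY KEY, mediaOutlet TEXT, subject TEXT, mainContent TEXT)');

// Constructed sample rows; the second contains apostrophes in every field.
$rows = [
    ['Example Gazette', '[RS-Blogger] Summer recipes', 'Looking for chefs to interview.'],
    ["The Farmer's Weekly", "[RS-Freelancer] What's new in tractors", "Need experts on 'smart' farming."],
];

// 1) Query assembled by string interpolation, as in setVars().
$failed = 0;
foreach ($rows as [$outlet, $subject, $content]) {
    $sql = "INSERT INTO Email VALUES(null, '$outlet', '$subject', '$content');";
    try {
        $pdo->exec($sql);
    } catch (PDOException $e) {
        // mysql_query() only returns false in this case, and dbInsert() never
        // checks the return value, so the row disappears without a message.
        $failed++;
        echo "Interpolated insert failed: ", $e->getMessage(), "\n";
    }
}

// 2) Prepared statement: the SQL text is fixed and the values travel separately,
//    so quotes in the mail body can neither break nor alter the statement.
$pdo->exec('DELETE FROM Email');
$stmt = $pdo->prepare(
    'INSERT INTO Email (mediaOutlet, subject, mainContent)
     VALUES (:outlet, :subject, :content)');
foreach ($rows as [$outlet, $subject, $content]) {
    $stmt->execute([':outlet' => $outlet, ':subject' => $subject, ':content' => $content]);
}

$count = (int) $pdo->query('SELECT COUNT(*) FROM Email')->fetchColumn();
echo "Interpolated inserts that failed: $failed of ", count($rows), "\n";
echo "Rows stored via prepared statement: $count of ", count($rows), "\n";
```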

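【Comments】:

    【Solution 2】:

    I solved the problem. There was nothing wrong with the code. The problem was that the content I was taking in had ' symbols that would mess up the code. To fix this, I created a new function that strips out all the ' symbols.

    【Comments】:

    • You really should use bound parameters; this is the accepted way to prevent injection attacks.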